RE: [fw-wiz] result question

From: Mike Hoskins (mike_at_adept.org)
Date: 08/29/03

  • Next message: Patrick M. Hausen: "Re: [fw-wiz] An interesting VPN problem"
    To: firewall-wizards@honor.icsalabs.com
    Date: Thu, 28 Aug 2003 17:35:55 -0700 (PDT)
    
    

    Subject: RE: [fw-wiz] result question
    Date: Thu, 28 Aug 2003 15:09:26 -0400
    From: "Whiteside, Larry [contractor]" <BAE14@SPHQ.SSP.NAVY.MIL>
    To: "rmck" <rmckeever@earthlink.net>,
            <firewall-wizards@honor.icsalabs.com>
    > assuming that the port is open because there is no response. Doing UDP =
    > scans with NMAP, it wants to see a TCP reset or something to tell NMAP =
    > that it is closed. I am not sure what response it is looking for doing a
    > FIN scan, but it is probably something similar.

    UDP wants ICMP type 3. FIN wants RST. that's all in nmap(1). UDP scans
    are more useless than normal if you're blocking all ICMP somewhere along
    the line. but don't do that, you'll break PMTUD.

    -mrh

    --
    From: "Spam Catcher" <spam-catcher@adept.org>
    To: spam-catcher@adept.org
    Do NOT send email to the address listed above or
    you will be added to a blacklist!
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    

  • Next message: Patrick M. Hausen: "Re: [fw-wiz] An interesting VPN problem"